Windows Metafile (WMF) vulnerability: Microsoft didn’t catch-up with Windows vulnerabilities leaving users unprotected

By Jeff Thenet

A new vulnerability has been discovered in the Microsoft Windows’ Graphic Rendering system on December 28, 2005. This vulnerability allows a person to install Malware such as viruses and spyware on a PC. This vulnerability is exploited when some applications such as Internet Explorer or Firefox display images from an attacker web site. In the last three days many web site are using this exploit. This new Windows vulnerability has been discovered at a particular bad period of the year as many computer technology professionals are in vacation. However, Microsoft has issued a Microsoft Security Advisory (912840) yet there is no patch available up to now. This is particular bad as home users can be infected by Virus and Spyware just by browsing the Internet. It didn’t take long to have many web sites using this exploit. In addition some spam emaisl are sent with an attached picture containing this exploit.

There is one email with a Subject: "Happy New Year" and a body: "picture of 2006". The attached file HappyNewYear.jpg. (MD5: DBB27F839C8491E57EBCC9445BABB755). When the HappyNewYear.jpg is opened or worst if it’s stored on the hard drive and opened by some indexer program such as Google Desktop, it executes and downloads a Bifrose backdoor (F-Secure: Backdoor.Win32.Bifrose.kt) from this web site www[dot]ritztours[dot]com (source F-Secure)

 

 Microsoft has not yet issued any patch for its popular Windows operating system leaving the user unprotected. This is another signs that what is called zero day exploits are becoming more common and that the Internet is still and will continue to be a dangerous place.

Up to now, the best way of protecting your Windows based computer and family from the Windows Metafile (WMF) vulnerability is to use an up-to-date Internet Security Suite with virus and Spyware protection as well as a firewall. Many Internet Service Providers are now providing either for free or for an affordable price some best of the breed up-to-date Security Suites. You should ask your ISP for their particular offers or check their Web portal. Obviously keep your Windows version up-to-date with the latest Microsoft patches with the Automatic Windows Updates or visit this Microsoft Windows Update web site.

Jeff Thenet is an Internet Security expert focussed on helping people to be safe online.

 

Windows Metafile (WMF) vulnerability: Microsoft didn't catch-up with Windows vulnerabilities leaving users unprotected

 

 
Web homenetworksecurity.info

 

 

arrow
magnify
faq
keys
software
contact

 

Online reference for home network security and family safety using broadband Internet access
http://HomeNetworkSecurity.info 2001-2007